Agency responsible: National Archives of Australia 
Category type: Required practice
Policy: Building trust in the public record

The Building trust in the public record: managing information and data for government and community policy identifies key requirements for managing Australian Government information assets (records, information and data).

It helps Australian Government agencies improve how they create, collect, manage and are able to use information assets.

The Australian Government relies on well-managed information to better support, protect and serve the community. The policy complements and supports Australian Government agendas to:

• digitally transform Australian Government services
• protect Australian Government information assets
• maximise the use and re-use of Australian Government information assets.

Agency responsible: National Archives of Australia 
Category type: Required practice
Policy: Digital Continuity 2020 Policy

The Digital Continuity 2020 Policy enables the integration of information governance principles and practices into the work of agencies and their governance arrangements to:

• optimise the delivery of government programs and services
• enable information reuse for economic and social benefits
• protect the rights and entitlements of Australians

For a broader introduction to the policy visit the About the Digital Continuity Policy page.

Agency responsible: Digital Transformation Agency (DTA)
Category type: Required practice
Subject: Standard Access
Standard: Digital Service Standard

This is a set of best-practice principles for designing and delivering government services. It helps digital teams to build services that are simple, clear and fast. Some of the criteria include:

• understanding user needs and providing services online
• establishing a multidisciplinary team for the service
• taking an agile and user-centred design and delivery process
• implementing open standards and common platforms

Agency responsible: Attorney General’s Department (AGD)
Category type: Required practice with a set of mandatory components
Subject: Security
Policy: Protective Security Policy Framework (PSPF)

The PSPF is the Australian Government's protective security policy. It is designed to help government agencies protect their people, information and assets, both in Australia and overseas.

The Information security core policy is central to the framework. It contains four core information security requirements on: identifying and assessing sensitive and classified information, enabling appropriate access to official information, safeguarding information from cyber threats, and developing robust ICT systems. 

Agency responsible: Department of Home Affairs
Category type: Required practice
Subject: Security
Strategy: Cyber Security Strategy

This strategy establishes 5 themes of action for Australia’s cyber security to 2020:

• A national cyber partnership
• Strong cyber defences
• Global responsibility and influence
• Growth and innovation
• A cyber-smart nation

Agency responsible: Australian Signals Directorate (ASD)
Category type: Required practice
Subject: Security
Manual: Australian Government Information Security Manual (ISM)

The ISM outlines a cyber security framework for protecting information and systems from cyber threats. Australian Government agencies can apply this as part of their risk management framework.

Agency responsible: Digital Transformation Agency (DTA)
Category type: Required practice with a mandatory implementation element
Subject: Cloud
Policy: Australian Government Secure Cloud Strategy

This strategy focuses on helping Australian Government agencies use cloud technology. It provides the framework for change and supports agencies in their transition to cloud.